<?php
/**
 * @file This handles all the database interaction for a user.
 */

class user {
  public $uid;
  public $login;
  private $pass;
  public $eid;
  public $updated_at;
  
  function user($Uid,$Login,$Eid,$Updated_at = NULL) {
    $this->uid        = $Uid;
    $this->login      = $Login;
    $this->eid        = $Eid;
    $this->updated_at = $Updated_at;
  }
  
  public static function get($id = NULL) {
    global $conn;
    if (empty($conn)) {
      database_connection();
    }
    $query = 'SELECT u.`uid`, u.`updated_at`,u.`login`,u.`entity_id` ';
    $query .= 'FROM `USERS` u ';
    if($id) {
      if (is_numeric($id) && is_int($id+0)) {
        $query .= 'WHERE u.`uid`=?';
        $statement = $conn->prepare($query);
        $statement->bind_param('i',$id);
        $statement->bind_result($this->uid, $this->updated_at, $this->login,$this->eid);
        $statement->execute();
        if ($return = $statement->fetch()) {
          return $this;
        }
        return $return;
      }
      if (is_array($id) && !empty($id)) {
        $query .= 'WHERE u.`uid` IN (';
        foreach($id as $item) {
          $query .= '?,';
        }
        $query = substr($query,0,-1) . ')';
        $statement = $conn->prepare($query);
        foreach($id as $item) {
          $statement::bind_param('i',$item);
        }
        $statement->bind_result($uid,$updated_at,$login,$eid);
        $statement->execute();
        $return = array();
        while ($statement->fetch()) {
          $return[] = new user($uid,$updated_at,$login,$eid);
        }
        return $return;
      }
      
    }
    $query .= 'ORDER BY u.`uid` DESC ';
    $query .= 'LIMIT 0,1';
    $statement = $conn->prepare($query);
    $statement->execute();
    $statement->bind_result($this->uid, $this->updated_at, $this->login, $this->eid);
    if ($return = $statement->fetch()) {
      return this;
    }
    return $return;
  }
  
  public static function getAll($order_by = 'uid', $sequence = 'ASC') {
    global $conn;
    if (empty($conn)) {
      database_connection();
    }
    $query = 'SELECT u.`uid`, u.`updated_at`,u.`login`,u.`entity_id` ';
    $query .= 'FROM `USERS` u ';
    $possibilities = array('ASC','DESC');
    if ($order_by && in_array($sequence,$possibilities)) {
      $query .= "ORDER BY ? ?";
      $statement = $conn->prepare($query);
      $statement::bind_param('ss', $order_by, $sequence);
    }
    else {
      $statement = $conn->prepare($query);
    }
    $statement->bind_param($uid,$updated_at,$login,$eid);
    $statement->execute();
    $return = array();
    while($statement->fetch()) {
      $user = new user($uid,$updated_at,$login,$eid);
    }
    return $return;
  }
  
  public static function insert($login, $pass, $path = NULL) {
    global $conn;
    if (empty($conn)) {
      database_connection();
    }
    if ($login) {
      $this->login = $login;
    }
    if ($pass) {
      $this->pass = $pass;
    }
	//
    $query = 'INSERT INTO `ENTITIES` (`definition_id`,`path`)';
    $query .= 'VALUES (?,?)';
    $statement1 = $conn->prepare($query);
	$statement1->bind_param('is', 23, $path);
    $this::secure_pass();
    $query = 'INSERT INTO `USERS` (`login`,`pass`,`entity_eid`)';
    $query .= "VALUES (?, ?, MYSQL_INSERT_ID())";
    $statement2 = $conn->prepare($query);
    $statement2->bind_param('ss', $login, $this->$pass);
    if ($statement1->execute()) {
      return $statement2->execute();
    }
    return FALSE;
  }
  
  public static function update($Uid, $Login, $Pass, $Eid) {
    global $conn;
    if (empty($conn)) {
      database_connection();
    }
	$this = new user($Uid, $Login, $Eid);
	$this->pass = $pass;
	$this::secure_pass();
	$query = 'UPDATE USERS u ';
	$query .= 'SET u.`login`, u.`pass`, u.`entity_eid`=? ';
	$query .= 'WHERE u.`uid`=?';
	$statement->prepare($query);
	$statement->bind_param('sssii', $Login, $this->pass, $Eid);
	/**
	 * public $uid;
  public $updated_at;
  public $login;
  private $pass;
  public $eid;
	 * 
	 * UPDATE [LOW_PRIORITY] [IGNORE] table_reference
    SET col_name1={expr1|DEFAULT} [, col_name2={expr2|DEFAULT}] ...
    [WHERE where_condition]
    [ORDER BY ...]
    [LIMIT row_count]
	 */
  }
  
  private static function secure_pass() {
    $salt = $this.salt();
    $this->pass = crypt($this->pass,$salt);
    return;
  }
  
  private static function salt() {
    return '$2a$10$' . substr(md5('tnanek' . $this->login . $this->pass),0,22);
  }
  
  /**
   * Returns TRUE if it the login credentials are accurate, FALSE otherwise.
   * 
   * @param $login
   *  The login name used.
   * @param $pass
   *  The password entered.
   * @return boolean
   *  Whether the password was accurate or not.
   */
  public static function login($login,$pass) {
    $this->login = $login;
    $this->pass = $pass;
    $this::secure_pass();
    global $conn;
    if (empty($conn)) {
      database_connection();
    }
    $query = 'SELECT u.`pass` FROM `USERS` u WHERE `login`=?';
    $conn->prepare($query);
    $statement->bind_param('s', $login);
    $statement->bind_result($pass);
    $statement->execute();
    $statement->fetch();
    return ($this->pass == $pass);
  }
}
